Strengthening Your Organisation’s Risk Management Framework

UK organisations have made significant progress on workplace safety and health over the years. But the numbers prove there is still plenty of room for improvement — and how there is risk in complacency.

The latest annual report from the Health and Safety Executive (HSE) illustrates the scale of the risk management challenges that organisations face. From April 2024 — March 2025, the UK recorded 124 worker fatalities from work-related accidents. Granted, some sectors and activities are naturally more prone to health and safety incidents than others. The highest concentrations of worker fatalities were recorded in construction (35), agriculture, forestry and fishing (23), transportation and storage (15), and manufacturing (11). The most common fatal accident type continued to be falls from a height (35).¹

But incident volumes don’t tell the full story of an organisation’s risks. Numbers of non-fatal workplace injuries and work-related illnesses were many times higher than the fatalities. From 2024-2025, an estimated 680,000 workplace injuries were self-reported in the UK, while nearly 2 million people suffered from work-related ill health. People lost over 40 million working days due to work-related illness and workplace injury. Beyond the physical and mental costs generated by injury and illness, the financial costs totalled tens of billions of pounds across a wide range of sectors.²

“It’s essential for organisations to understand their specific risks, where incidents cluster, and why,” said Richard Harrison, Head of Risk Control. “Risk managers play a critical role by helping their organisation anticipate potential risk scenarios and embed risk management practices into daily operations. They have the power to stop issues before they escalate into dangerous conditions.”

Why UK organisations need stronger risk management

Risk looks different across various sectors of the economy. In the HSE’s industry breakdown of self-reported non-fatal injury rates, the sectors with statistically higher-than-average injury rates are accommodation and food services, construction, transportation and storage, and wholesale/retail (including motor vehicle repair). However, for work-related ill health, the sectors with higher-than-average rates include human health and social work, public administration and defence, and education.³

The results demonstrate that risk isn’t confined to industries traditionally associated with heavy physical labour — and workplace risk management isn’t a one-size-fits-all exercise. A transportation operator and a high-street retailer may use similar risk management documentation but have a multitude of risk differences between them. The transportation operator is likely to face risks such as vehicle movements, load handling, fatigue, and driving standards. The high-street retailer is apt to encounter risks such as slips, trips and falls, manual handling and customer aggression.

Understanding and managing the specific risks of the environment can mean the difference between operating a safe organisation and a hazardous one.

Progress isn’t permission to be complacent

It’s true that the UK is far safer than it was decades ago. Workplace fatality numbers were 495 in 1981, 223 in 2004-2005, and 124 in 2024-2025, according to HSE data. But a downward trend can be misleading when it comes to perceiving current risks. A stable fatality rate can sit alongside major organisational change: new technology, new suppliers, new sites, different workforce demographics, and tighter margins can all erode risk control effectiveness. The controls that worked well in past years may not match today’s operating reality. Making risk management a dynamic practice can help protect against complacency. 

What a strong risk management framework should include

A robust risk management framework is not just a policy binder or an item in an annual board cycle. It is the way an organisation assigns ownership, makes decisions amid uncertainty, and verifies that controls work in practice day to day. It includes these things:

1. Clear roles and responsibilities 

The framework clarifies who is responsible for what, at every level of the organisation. This goes beyond job titles or high-level statements and defines ownership across the full risk lifecycle. Specifically, the framework should identify who is accountable for:

• Identifying hazards and emerging risks
• Ensuring workplace risk assessments are suitable, sufficient, and kept up to date
• Designing and approving risk controls
• Maintaining critical controls and safety-related equipment
• Confirming that employees and contractors are trained and competent
• Managing third parties and contractors whose activities affect risk
• Investigating incidents, near misses, and unsafe conditions
• Providing independent assurance that controls are operating as intended

By spelling out these responsibilities, you protect your organisation — by reducing gaps, overlaps, and assumptions about who “owns” a risk. You also protect the individuals in the organisation, because people can effectively perform duties only if they are clearly defined, understood, and properly resourced.

A well-designed risk management framework also distinguishes between accountability and task execution. Senior leaders and the board may retain accountability for risk outcomes, while operational managers and frontline supervisors are responsible for day-to-day control implementation. The framework should make these relationships explicit.

A useful test of effectiveness is the “line of sight” test. If a serious incident happened tomorrow, could the organisation demonstrate a defensible connection between the board’s stated risk appetite, senior management decisions and resource allocation, and the controls, supervision, and maintenance activities happening on the frontline?

If that line of sight is unclear, there is likely a need for better defined ownership within the risk management framework.

2. Scenario planning and anticipation of potential failures  

Strong frameworks look forward. They combine leading risk indicators — like control failures, overdue inspections, high staff turnover, or fatigue — with questions about potential risk scenarios.

For example, what might happen if a key supplier fails? What if maintenance were deferred? What if high staff turnover leads to inadequately trained staff performing tasks?

This matters most in high-hazard areas (work at height, vehicle movements, machinery interface), but the same logic applies to psychosocial risks and chronic exposures that drive long-tail harm. (For example, Travelers research has found that unmanaged stress and burnout in law firms can lead to mistakes, claims, or reputational harm.)⁴

3. Defined procedures for identifying and managing risks 

A mature framework treats assurance as an exercise that goes well beyond an annual audit. It includes targeted checks on critical controls, meaningful near-miss reporting, thorough incident investigations that identify system causes, and governance that ensures the actions taken to fix a problem actually reduce risk.

In practice, this involves identifying your critical controls, setting clear performance requirements, and verifying them routinely.

What happens when risk management falls short

Most gaps aren’t caused by a lack of good intent, but by predictable friction points that can be corrected:

• Tick-box compliance over risk reality. The organisation may be so focussed on recording inspections that it avoids asking deeper questions about whether controls remain suitable and sufficient.
• Fragmented ownership. When safety, operational risk, HR, facilities, and procurement each own a slice of a risk, no one is fully responsible for it.
• Siloed data. Near misses, maintenance issues, quality defects, and staff feedback sit in separate systems, making it harder to see warning signs early.
• Resource and capability constraints. Time pressure, thin management layers, and skills shortages can lead to generic assessments and superficial assurance.
• Complex supply chains and contractor models. Control effectiveness can be undermined by inconsistent standards, unclear supervision, and blurred accountability across parties.
• Change outpacing governance. New sites, processes, and tech are often implemented faster than risk assessments, training, and control validation can keep up.
• Cultural barriers. If people fear blame — or assume that the way a job has been done for years is the way it should be done — hazards can go unreported and deviations can become normalised.

Supporting tools and guidance for better risk control

Strengthening risk management doesn’t start with rewriting your organisation’s policy. It requires pinpointing your material exposures, identifying the critical controls that prevent catastrophic outcomes, assigning clear ownership, and building routine verification into day-to-day business practices.

The UK’s long-term safety gains show that steady improvement is possible. But the persistence of fatalities and high injury and ill-health cases demonstrates why risk managers can’t stop at ‘good enough.’

“Active, comprehensive risk management plays a critical role in improving the health and safety of an organisation — and reducing its claims,” said Harrison. “That’s why Travelers works so closely with clients to fine-tune risk management strategies alongside insurance protections.”

Travelers risk management resources and practical guidance

Health and safety risks aren’t always easy to see in an organisation, but Travelers can help uncover them and support practical improvements. Our proven health and safety maturity model helps customers identify strengths and gaps so they can better manage their risk and build a safer workplace. In addition, our Safety View survey helps organisations collect feedback from employees about the effectiveness of their safety management programme, enabling them to make targeted changes as needed. 

If you have questions about how Travelers can help you manage your risk, please contact our expert risk control team. You can also find out more about our risk management services.

Sources
¹ https://www.hse.gov.uk/statistics/fatals-overview.htm
² https://www.hse.gov.uk/statistics/overview.htm
³ https://www.hse.gov.uk/statistics/industry/index.htm
⁴ https://www.travelers.co.uk/insights/legal-sector/mental-wellbeing-in-law-firms

This article is provided for general informational purposes only. It does not, and it is not intended to, provide legal, technical or other professional advice, nor does it amend, or otherwise affect, the provisions or coverages of any insurance policy issued by Travelers. Travelers does not warrant that adherence to, or compliance with, any recommendations, best practices, checklists, or guidelines will result in a particular outcome. Furthermore, laws, regulations, standards, guidance and codes may change from time to time and you should always refer to the most current requirements and take specific advice when dealing with specific situations. In no event will Travelers be liable in tort, contract or otherwise to anyone who has access to or uses this information.